@niledatabase/server 4.0.0-alpha.2 → 4.0.0-alpha.21

package/dist/index.d.ts

@@ -28,6 +28,7 @@ type ApiParams = {
     routes?: Partial<Routes>;
     routePrefix?: string | undefined;
     secureCookies?: boolean;
+    origin?: null | undefined | string;
 };
 declare class ApiConfig {
     cookieKey?: string;
@@ -35,6 +36,7 @@ declare class ApiConfig {
     routes?: Partial<Routes>;
     routePrefix?: string;
     secureCookies?: boolean;
+    origin?: string | null;
     /**
      * The client side callback url. Defaults to nothing (so nile.origin will be it), but in the cases of x-origin, you want to set this explicitly to be sure nile-auth does the right thing
      * If this is set, any `callbackUrl` from the client will be ignored.
@@ -72,10 +74,10 @@ type NilePoolConfig = PoolConfig & {
     afterCreate?: AfterCreate;
 };
 type LoggerType = {
-    info?: (args: unknown[]) => void;
-    warn?: (args: unknown[]) => void;
-    error?: (args: unknown[]) => void;
-    debug?: (args: unknown[]) => void;
+    info?: (args: unknown | unknown[]) => void;
+    warn?: (args: unknown | unknown[]) => void;
+    error?: (args: unknown | unknown[]) => void;
+    debug?: (args: unknown | unknown[]) => void;
 };
 type ServerConfig = {
     databaseId?: string;
@@ -145,6 +147,13 @@ type Tenant = {
     name: string;
 };
 
+type Provider = {
+    id: string;
+    name: string;
+    type: string;
+    signinUrl: string;
+    callbackUr: string;
+};
 type JWT = {
     email: string;
     sub: string;
@@ -208,10 +217,25 @@ type NileRequest<T> = NRequest<T> | T;
 
 declare class Auth extends Config {
     headers?: Headers;
-    constructor(config: Config, headers?: Headers);
+    resetHeaders?: (headers?: Headers) => void;
+    constructor(config: Config, headers?: Headers, params?: {
+        resetHeaders: () => void;
+    });
     handleHeaders(init?: RequestInit): RequestInit | undefined;
     get sessionUrl(): string;
-    getSession: (req: NileRequest<void> | Headers, init?: RequestInit) => Promise<JWT | ActiveSession | Response | undefined>;
+    getSession: <T = JWT | ActiveSession | Response | undefined>(req: NileRequest<void> | Headers, init?: RequestInit) => Promise<T>;
+    get getCsrfUrl(): string;
+    getCsrf<T = Response | JSON>(req: NileRequest<void> | Headers, init?: RequestInit, raw?: boolean): Promise<T>;
+    get listProvidersUrl(): string;
+    listProviders: <T = Response | {
+        [key: string]: Provider;
+    }>(req: NileRequest<void> | Headers, init?: RequestInit) => Promise<T>;
+    get signOutUrl(): string;
+    signOut: <T = Response | {
+        url: string;
+    }>(req: NileRequest<void | {
+        callbackUrl?: string;
+    }> | Headers, init?: RequestInit) => Promise<T>;
 }
 
 declare class Tenants extends Config {
@@ -220,18 +244,18 @@ declare class Tenants extends Config {
     handleHeaders(init?: RequestInit): RequestInit | undefined;
     get tenantsUrl(): string;
     get tenantUrl(): string;
-    createTenant: (req: NileRequest<{
+    createTenant: <T = Tenant | Response>(req: NileRequest<{
         name: string;
-    }> | Headers | string, init?: RequestInit) => Promise<Tenant | Response>;
-    getTenant: (req: NileRequest<{
+    }> | Headers | string, init?: RequestInit) => Promise<T>;
+    getTenant: <T = Tenant | Response>(req: NileRequest<{
         id: string;
-    }> | Headers | string | void, init?: RequestInit) => Promise<Tenant | Response>;
+    }> | Headers | string | void, init?: RequestInit) => Promise<T>;
     get tenantListUrl(): string;
-    listTenants: (req: NileRequest<void> | Headers, init?: RequestInit) => Promise<Tenant[] | Response>;
-    deleteTenant: (req: NileRequest<void> | Headers | string, init?: RequestInit) => Promise<Response>;
-    updateTenant: (req: NileRequest<void> | Headers | {
+    listTenants: <T = Tenant[] | Response>(req: NileRequest<void> | Headers, init?: RequestInit) => Promise<T>;
+    deleteTenant: <T = Response>(req: NileRequest<void> | Headers | string, init?: RequestInit) => Promise<T>;
+    updateTenant: <T = Tenant | Response>(req: NileRequest<void> | Headers | {
         name: string;
-    }, init?: RequestInit) => Promise<Tenant | Response>;
+    }, init?: RequestInit) => Promise<T>;
 }
 
 declare class Users extends Config {
@@ -242,21 +266,21 @@ declare class Users extends Config {
     get linkUsersUrl(): string;
     get tenantUserUrl(): string;
     handleHeaders(init?: RequestInit): RequestInit | undefined;
-    createUser: (req: NileRequest<CreateBasicUserRequest>, init?: RequestInit) => Promise<User | Response>;
-    createTenantUser: (req: NileRequest<CreateBasicUserRequest>, init?: RequestInit) => Promise<User | Response>;
-    updateUser: (req: NileRequest<Partial<Omit<User, "email" | "tenants" | "created" | "updated">>>, init?: RequestInit) => Promise<User | Response>;
-    listUsers: (req: NileRequest<void> | Headers, init?: RequestInit) => Promise<User[] | Response>;
-    linkUser: (req: NileRequest<{
+    createUser: <T = User | Response>(req: NileRequest<CreateBasicUserRequest>, init?: RequestInit) => Promise<T>;
+    createTenantUser: <T = User | Response>(req: NileRequest<CreateBasicUserRequest>, init?: RequestInit) => Promise<T>;
+    updateUser: <T = User[] | Response>(req: NileRequest<Partial<Omit<User, "email" | "tenants" | "created" | "updated">>>, init?: RequestInit) => Promise<T>;
+    listUsers: <T = User[] | Response>(req: NileRequest<void> | Headers, init?: RequestInit) => Promise<T>;
+    linkUser: <T = User | Response>(req: NileRequest<{
         id: string;
         tenantId?: string;
-    }> | Headers | string, init?: RequestInit) => Promise<User | Response>;
-    unlinkUser: (req: NileRequest<{
+    }> | Headers | string, init?: RequestInit) => Promise<T>;
+    unlinkUser: <T = Response>(req: NileRequest<{
         id: string;
         tenantId?: string;
-    }> | Headers | string, init?: RequestInit) => Promise<Response>;
+    }> | Headers | string, init?: RequestInit) => Promise<T>;
     get meUrl(): string;
-    me: (req: NileRequest<void> | Headers, init?: RequestInit) => Promise<User | Response>;
-    updateMe: (req: NileRequest<Partial<Omit<User, "email" | "id" | "tenants" | "created" | "updated">>> | Headers, init?: RequestInit) => Promise<User | Response>;
+    me: <T = User | Response>(req: NileRequest<void> | Headers, init?: RequestInit) => Promise<T>;
+    updateMe: <T = User | Response>(req: NileRequest<Partial<Omit<User, "email" | "id" | "tenants" | "created" | "updated">>> | Headers, init?: RequestInit) => Promise<T>;
 }
 
 declare class Api {
@@ -279,13 +303,18 @@ declare class Api {
         put: string[];
     };
     constructor(config: Config);
-    updateConfig(config: Config): void;
+    reset: () => void;
+    updateConfig: (config: Config) => void;
+    resetHeaders: (headers?: Headers) => void;
     set headers(headers: Headers);
-    login(payload: {
+    get headers(): Headers | undefined;
+    login: (payload: {
         email: string;
         password: string;
-    }): Promise<void>;
-    session(req?: Request | Headers | null | undefined): Promise<Response | JWT | ActiveSession | null | undefined>;
+    }, config?: {
+        returnResponse?: boolean;
+    }) => Promise<Response | undefined>;
+    session: (req?: Request | Headers | null | undefined) => Promise<Response | JWT | ActiveSession | null | undefined>;
 }
 
 declare class Server {

package/dist/index.js

@@ -79,7 +79,7 @@ var X_NILE_SECURECOOKIES = "nile.secure_cookies";
 
 // src/api/utils/request.ts
 async function request(url, _init, config) {
-  const { info, error } = Logger(config, "[REQUEST]");
+  const { debug, info, error } = Logger(config, "[REQUEST]");
   const { request: request2, ...init } = _init;
   const requestUrl = new URL(request2.url);
   const updatedHeaders = new Headers({});
@@ -97,9 +97,17 @@ async function request(url, _init, config) {
   }
   updatedHeaders.set("host", requestUrl.host);
   if (config.api.callbackUrl) {
-    updatedHeaders.set(X_NILE_ORIGIN, config.api.callbackUrl);
+    const cbUrl = new URL(config.api.callbackUrl);
+    debug(
+      `Obtained origin from config.api.callbackUrl ${config.api.callbackUrl}`
+    );
+    updatedHeaders.set(X_NILE_ORIGIN, cbUrl.origin);
+  } else if (config.api.origin) {
+    debug(`Obtained origin from config.api.origin ${config.api.origin}`);
+    updatedHeaders.set(X_NILE_ORIGIN, config.api.origin);
   } else {
     updatedHeaders.set(X_NILE_ORIGIN, requestUrl.origin);
+    debug(`Obtained origin from request ${requestUrl.origin}`);
   }
   const params = { ...init, headers: updatedHeaders };
   if (params.method === "POST" || params.method === "PUT") {
@@ -426,6 +434,7 @@ var ApiConfig = class {
   routes;
   routePrefix;
   secureCookies;
+  origin;
   /**
    * The client side callback url. Defaults to nothing (so nile.origin will be it), but in the cases of x-origin, you want to set this explicitly to be sure nile-auth does the right thing
    * If this is set, any `callbackUrl` from the client will be ignored.
@@ -441,6 +450,7 @@ var ApiConfig = class {
     this.basePath = getBasePath(envVarConfig);
     this.routes = config?.api?.routes;
     this.routePrefix = config?.api?.routePrefix;
+    this.origin = config?.api?.origin;
   }
   get token() {
     return this._token;
@@ -1073,12 +1083,9 @@ async function _fetch(config, path, opts) {
     if (response?.status === 405) {
       return new ResponseError("Method not allowed", { status: 405 });
     }
-    let res;
     const errorHandler = typeof response?.clone === "function" ? response.clone() : null;
     let msg = "";
-    try {
-      res = await response?.json();
-    } catch (e) {
+    const res = await response?.json().catch(async (e) => {
       if (errorHandler) {
         msg = await errorHandler.text();
         if (msg) {
@@ -1091,7 +1098,8 @@ async function _fetch(config, path, opts) {
       if (!msg) {
         error("[fetch][response]", { e });
       }
-    }
+      return e;
+    });
     if (msg) {
       return new ResponseError(msg, { status: errorHandler?.status });
     }
@@ -1110,7 +1118,8 @@ async function _fetch(config, path, opts) {
     error(
       `[fetch][response][status: ${errorHandler?.status}] UNHANDLED ERROR`,
       {
-        res
+        response,
+        message: await response.text()
       }
     );
     return new ResponseError(null, {
@@ -1534,11 +1543,7 @@ function matches12(configRoutes, request2) {
 // src/api/routes/auth/password-reset.ts
 var key10 = "PASSWORD_RESET";
 async function route13(req, config) {
-  let url = proxyRoutes(config)[key10];
-  const { searchParams } = new URL(req.url);
-  if (searchParams.size > 0) {
-    url = `${url}?${searchParams.toString()}`;
-  }
+  const url = proxyRoutes(config)[key10];
   const res = await request(
     url,
     {
@@ -1651,8 +1656,16 @@ function POSTER(configRoutes, config) {
   const { info, warn, error } = Logger(config, "[POST MATCHER]");
   return async function POST5(req) {
     if (matchesLog(configRoutes, req)) {
-      error(req.body && await req.json());
-      return new Response(null, { status: 200 });
+      if (req.body) {
+        try {
+          const text = await req.text();
+          error(text);
+          return new Response(null, {
+            status: 200
+          });
+        } catch (e) {
+        }
+      }
     }
     if (matches3(configRoutes, req)) {
       info("matches tenant users");
@@ -1777,7 +1790,7 @@ var appRoutes = (prefix = "/api") => ({
   TENANT_USER: `${prefix}/tenants/{tenantId}/users/{userId}`,
   TENANT_USERS: `${prefix}/tenants/{tenantId}/users`,
   SIGNUP: `${prefix}/signup`,
-  LOG: `${prefix}/auth/_log`
+  LOG: `${prefix}/_log`
 });
 
 // src/utils/Requester/index.ts
@@ -1787,9 +1800,9 @@ var Requester = class extends Config {
   }
   async rawRequest(method, url, init, body) {
     const _init = {
-      ...init,
       body,
-      method
+      method,
+      ...init
     };
     const res = await _fetch(this, url, _init);
     if (res instanceof ResponseError) {
@@ -1858,8 +1871,11 @@ var Requester = class extends Config {
     }
     return response;
   }
-  async get(req, url, init) {
+  async get(req, url, init, raw = false) {
     const response = await this.request("GET", url, req, init);
+    if (raw) {
+      return response;
+    }
     if (response && response.status >= 200 && response.status < 300) {
       const cloned = response.clone();
       try {
@@ -1887,8 +1903,8 @@ var Requester = class extends Config {
 };
 
 // src/auth/index.ts
-var ORIGIN = "https://us-west-2.api.dev.thenile.dev";
 function serverLogin(config, handlers) {
+  const ORIGIN = config.api.origin ?? "http://localhost:3000";
   const { info, error, debug } = Logger(config, "[server side login]");
   const routes = appRoutes(config.api.routePrefix);
   return async function login({
@@ -1979,17 +1995,31 @@ function serverLogin(config, handlers) {
       ...baseHeaders,
       cookie: [token, csrfCookie].join("; ")
     });
-    return headers;
+    return [headers, loginRes];
   };
 }
 var Auth = class extends Config {
   headers;
-  constructor(config, headers) {
+  resetHeaders;
+  constructor(config, headers, params) {
     super(config);
+    this.logger = Logger(config, "[auth]");
     this.headers = headers;
+    this.logger = Logger(config, "[auth]");
+    this.resetHeaders = params?.resetHeaders;
   }
   handleHeaders(init) {
     if (this.headers) {
+      const cburl = getCallbackUrl2(this.headers);
+      if (cburl) {
+        try {
+          this.headers.set(X_NILE_ORIGIN, new URL(cburl).origin);
+        } catch (e) {
+          if (this.logger?.debug) {
+            this.logger.debug("Invalid URL supplied by cookie header");
+          }
+        }
+      }
       if (init) {
         init.headers = new Headers({ ...this.headers, ...init?.headers });
         return init;
@@ -2014,6 +2044,113 @@ var Auth = class extends Config {
     }
     return session;
   };
+  get getCsrfUrl() {
+    return "/auth/csrf";
+  }
+  async getCsrf(req, init, raw = false) {
+    const _requester = new Requester(this);
+    const _init = this.handleHeaders(init);
+    return await _requester.get(req, this.getCsrfUrl, _init, raw);
+  }
+  get listProvidersUrl() {
+    return "/auth/providers";
+  }
+  listProviders = async (req, init) => {
+    const _requester = new Requester(this);
+    const _init = this.handleHeaders(init);
+    return await _requester.get(req, this.listProvidersUrl, _init);
+  };
+  get signOutUrl() {
+    return "/auth/signout";
+  }
+  signOut = async (req, init) => {
+    const _requester = new Requester(this);
+    const _init = this.handleHeaders(init);
+    const csrf = await this.getCsrf(
+      req,
+      void 0,
+      true
+    );
+    const csrfHeader = getCsrfToken(csrf.headers, this.headers);
+    const callbackUrl = req && "callbackUrl" in req ? String(req.callbackUrl) : "/";
+    if (!csrfHeader) {
+      this.logger?.debug && this.logger.debug("Request blocked from invalid csrf header");
+      return new Response("Request blocked", { status: 400 });
+    }
+    const headers = new Headers(_init?.headers);
+    const { csrfToken } = await csrf.json() ?? {};
+    const cooks = getCookies(headers);
+    if (csrfHeader) {
+      if (cooks["__Secure-nile.csrf-token"]) {
+        cooks["__Secure-nile.csrf-token"] = encodeURIComponent(csrfHeader);
+      }
+      if (cooks["nile.csrf-token"]) {
+        cooks["nile.csrf-token"] = encodeURIComponent(csrfHeader);
+      }
+    }
+    headers.set(
+      "cookie",
+      Object.keys(cooks).map((key12) => `${key12}=${cooks[key12]}`).join("; ")
+    );
+    const res = await _requester.post(req, this.signOutUrl, {
+      method: "post",
+      body: JSON.stringify({
+        csrfToken,
+        callbackUrl,
+        json: String(true)
+      }),
+      ..._init,
+      headers
+    });
+    this.resetHeaders && this.resetHeaders();
+    return res;
+  };
+};
+function getCallbackUrl2(headers) {
+  if (headers) {
+    const cookies = getCookies(headers);
+    if (cookies) {
+      return cookies["__Secure-nile.callback-url"] || cookies["nile.callback-url"];
+    }
+  }
+}
+function getCsrfToken(headers, initHeaders) {
+  if (headers) {
+    const cookies = getCookies(headers);
+    let validCookie = "";
+    if (cookies) {
+      validCookie = cookies["__Secure-nile.csrf-token"] || cookies["nile.csrf-token"];
+    }
+    if (validCookie) {
+      return validCookie;
+    }
+  }
+  if (initHeaders) {
+    const cookies = getCookies(initHeaders);
+    if (cookies) {
+      return cookies["__Secure-nile.csrf-token"] || cookies["nile.csrf-token"];
+    }
+  }
+}
+var getCookies = (headers) => {
+  if (!headers) return {};
+  const cookieHeader = headers.get("cookie") || "";
+  const setCookieHeaders = headers.get("set-cookie") || "";
+  const allCookies = [
+    ...cookieHeader.split("; "),
+    // Regular 'cookie' header (semicolon-separated)
+    ...setCookieHeaders.split(/,\s*(?=[^;, ]+=)/)
+    // Smart split for 'set-cookie'
+  ].filter(Boolean);
+  return Object.fromEntries(
+    allCookies.map((cookie) => {
+      const [key12, ...val] = cookie.split("=");
+      return [
+        decodeURIComponent(key12.trim()),
+        decodeURIComponent(val.join("=").trim())
+      ];
+    })
+  );
 };
 
 // src/tenants/index.ts
@@ -2220,7 +2357,9 @@ var Api = class {
   paths;
   constructor(config) {
     this.config = config;
-    this.auth = new Auth(config);
+    this.auth = new Auth(config, void 0, {
+      resetHeaders: this.resetHeaders
+    });
     this.users = new Users(config);
     this.tenants = new Tenants(config);
     this.routes = {
@@ -2250,7 +2389,7 @@ var Api = class {
         this.routes.USERS,
         this.routes.TENANTS,
         this.routes.SESSION,
-        this.routes.SIGNIN,
+        `${this.routes.SIGNIN}/{provider}`,
         this.routes.PASSWORD_RESET,
         this.routes.PROVIDERS,
         this.routes.CSRF,
@@ -2266,27 +2405,47 @@ var Api = class {
       delete: [this.routes.TENANT_USER, this.routes.TENANT]
     };
   }
-  updateConfig(config) {
+  reset = () => {
+    this.users = new Users(this.config, this._headers);
+    this.tenants = new Tenants(this.config, this._headers);
+    this.auth = new Auth(this.config, this._headers, {
+      resetHeaders: this.resetHeaders
+    });
+  };
+  updateConfig = (config) => {
     this.config = config;
     this.handlers = Handlers(this.routes, config);
-  }
+  };
+  resetHeaders = (headers) => {
+    this._headers = new Headers(headers ?? {});
+    this.reset();
+  };
   set headers(headers) {
-    this.users = new Users(this.config, headers);
-    this.tenants = new Tenants(this.config, headers);
-    this.auth = new Auth(this.config, headers);
     this._headers = headers;
+    this.reset();
   }
-  async login(payload) {
-    this.headers = await serverLogin(this.config, this.handlers)(payload);
+  get headers() {
+    return this._headers;
   }
-  async session(req) {
+  login = async (payload, config) => {
+    const [headers, loginRes] = await serverLogin(
+      this.config,
+      this.handlers
+    )(payload);
+    this.headers = headers;
+    if (config?.returnResponse) {
+      return loginRes;
+    }
+    return void 0;
+  };
+  session = async (req) => {
     if (req instanceof Headers) {
       return this.auth.getSession(req);
     } else if (req instanceof Request) {
       return auth(req, this.config);
     }
     return this.auth.getSession(this._headers);
-  }
+  };
 };
 
 // src/Server.ts